We are very happy that are you are interested in our company. Data protection is a particularly high priority for the management of IDENTA Ausweissysteme GmbH. It is generally possible to use the IDENTA Ausweissysteme GmbH website without providing any personal data. However, if a data subject wishes to make use of our company’s special services on our website, processing of personal data may be required. If the processing of personal data requires the data subject’s consent, we will generally obtain this consent from the person in question. The processing of personal data, for example, the name, address, email address or phone number of the data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to IDENTA Ausweissysteme GmbH. The purpose of this privacy statement is to inform the public about the type, scope and purpose of the personal data our company collects, uses and processes. Furthermore, this privacy statement informs data subjects about their rights.
As the controller, IDENTA Ausweissysteme GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed on this website. Nevertheless, internet-based data transmissions can have security holes, so we cannot guarantee absolute protection.
1. Name and address of the person in charge of processing
The person in charge of processing (the “controller”) in the sense outlined by the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions relating to data protection is:
IDENTA Ausweissysteme GmbH
Tel.: +49 7720 3909-0
2. Name and address of the data protection officer
You can reach our data protection officer at the above address
3. Collection of general data and information
Each time a data subject or automated system accesses the IDENTA Ausweissysteme GmbH website, a range of general data and information is recorded. This general data and information is stored in the server’s log files. The following can be recorded: (1) the browser type and version used, (2) the operating system used by the accessing system, (3) the website from which the accessing system has arrived at our website (referrer), (4) the sub-websites that an accessing system accesses on our website, (5) the date and time at which the website is accessed, (6) the internet service provider of the accessing system and (7) other similar data and information that serves to aid our emergency response procedure in the event of attacks on our information technology systems.
IDENTA Ausweissysteme GmbH does not draw any conclusions about the data subject when using this general data and information. Rather, this information is used to (1) correctly display the content of our website, (2) optimise the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore used by IDENTA Ausweissysteme GmbH primarily for statistical purposes and also with the aim of increasing data protection and data security within our company. The anonymous data of the server log files is stored separate from other data for a period of 7 days.
Contact form and email contact
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered into the input fields will be transmitted to us and saved.
To process your data, you will be asked to provide your consent during the sending process and reference will be made to this privacy statement. The legal basis for the processing of this data is Art. 6 (1) a GDPR. Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transmitted with the email will be saved. The processing of this personal data serves only to help us to reply to your enquiry. The legal basis for processing this data, which has been shared with us by sending us an email, is Art. 6 (1) f GDPR.
Consent can be revoked at any time. Please note that withdrawal of your consent only has future effect. Processing that took place before the withdrawal of your consent is not affected. Withdrawal of your consent can be sent to the following email address: firstname.lastname@example.org.
Any personal data that you send to us in the context of a job application will be collected and processed for the purpose of handling the application process. Electronic processing is possible, particularly for applications that are received electronically, e.g. via email through the website.
Legal basis for processing:
If you have given your consent to the processing of personal data for specific purposes, the legal basis for this processing is your consent. Consent can be revoked at any time. Please note that withdrawal of your consent only has future effect. Processing that took place before the withdrawal of your consent is not affected.
If the processing of personal data is required to fulfil a contract to which the data subject is a party, as is the case, for example, where processing is required in order to deliver goods or to provide any other service or consideration, processing is carried out based on Art. 6 (1) b GDPR. The same applies to such processing operations necessary to carry out pre-contractual measures, e.g. in case of enquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, for example, to fulfil tax obligations, processing is conducted based on Art. 6 (1) c GDPR. In rare cases, the processing of personal data may be required in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and their name, age, health insurance data or other vital information needed to be passed on to a doctor, hospital or other third parties. Processing would then be based on Art. 6 (1) d GDPR. Lastly, processing operations can be based on Art. 6 (1) f GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to safeguard the legitimate interests of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override them. Such processing operations are permitted to us because they have been specifically mentioned by the European legislator. In this respect, he was of the opinion that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 sentence 2 GDPR).
Storage duration and cookies used:
- borlabs-cookie – Saves the visitor’s settings based on which cookies they have agreed to.
- quform_session – Ensures the forms on our website are working properly.
- Matomo – Matomo cookie for website analysis. Generates statistical data on how the visitor uses the website.
The extent to which these cookies can (also) relate to personal data will be outlined below.
You can delete individual cookies or the entire cookie cache via your browser settings. You can also find information and instructions on how to delete these cookies or how to block their storage in advance. Depending on which browser you use, you can find the necessary information on the following links:
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Internet Explorer: https://support.microsoft.com/en-en/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
- Opera: http://www.opera.com/help
- Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
5. Data protection regulations on the use and application of Matomo
This website uses Matomo (formerly Piwik), an open source software for the statistical evaluation of visitor access. The provider of the Matomo software is: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.
Matomo uses so-called cookies or text files that are saved on your computer and that enable the analysis of your use of the website. The information generated by the cookie regarding your use of the website is stored on a server in Germany. The IP address is anonymised immediately after processing and before it is saved. You can prevent the installation of cookies by changing your browser settings. We would like to point out that deactivating cookies will mean that some of our website’s functions will no longer be available. You can decide whether your browser should allow a unique web analysis cookie from the website operator that allows them to collect and analyse various statistical data.
More information on the Matomo software privacy settings can be found here: https://matomo.org/docs/privacy.
6. Duration for which personal data is stored
Specific storage periods
- Enquiry form: The data will be deleted no later than 6 months after the enquiry has been processed. If there is a contractual relationship, we are subject to the legal retention periods of the HGB (German Commercial Code) and delete your data after these periods have elapsed.
- Applicant data: Applicant data will be deleted no later than six months after the application process has been completed.
- Matomo: Data will be deleted as soon as it is no longer required for our tracking purposes. In our case, this occurs after the following period: 13 months.
General storage durations
The criterion for the storage duration of other personal data is the respective legal retention period. After this period has elapsed, the corresponding data will be routinely deleted, provided that it is no longer required to fulfil or initiate a contract.
7. Routine deletion and blocking of personal data
The controller in charge of processing data processes and saves the personal data of the data subject only for the period of time necessary to achieve the storage purpose or if this is provided for by the European legislators and regulators or the laws or regulations of another legislator, which the controller is subject to during the processing operation.
If the storage purpose no longer applies or the retention period stipulated by the European legislator and regulator or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
8. Right to information pursuant to Art. 15 GDPR
Every data subject has the right to information according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR, the right to object according to Art. 21 GDPR, as well as the right to data portability pursuant to Art. 20 GDPR, provided there are no legal requirements to prevent this (particularly applicable to Art. 15, 17 GDPR, §§ 34 and 35 BDSG (German Federal Data Protection Act)).
If you believe that the processing of your personal data is not lawful, you can lodge a complaint with the responsible data protection supervisory authority (Article 77 GDPR in conjunction with § 19 BDSG).
Information regarding your right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data based on Art. 6 (1) e (data processing in the public interest) and Art. 6 (1) f GDPR (data processing based on the balancing of interests).
To exercise your rights, please contact the above address or email email@example.com.
9. Existence of automated decision-making software
Matomo is a tracking tool that allows us to assess the behaviour of website visitors and to analyse their interests. To do this, we create a pseudonymous user profile.
10. TLS encryption
To protect the security of your data during transmission, we use cutting-edge encryption methods (e.g. TLS) via HTTPS.
11. Validity and changes to this privacy statement
This privacy statement is currently valid and was last updated in March 2020. Due to the further development of our website and the offers on it or due to changes to legal or official requirements, it may become necessary to change this privacy statement. You can access and print out the currently valid privacy statement at any time from the website at www.identa.com.